PC World

Continued support for MD5 endangers widely used cryptographic protocols

The old and insecure MD5 hashing function hasn’t been used to sign SSL/TLS server certificates in many years, but continues to be used in other parts of encrypted communications protocols, including ...
EDN

Cryptography for embedded systems – Part 1: Security level categories & hashing

In this chapter we will look at choosing and optimizing cryptographic algorithms, particularly for resource-constrained systems, such as embedded systems. We will look at various strategies for ...
Ars Technica

Fatally weak MD5 function torpedoes crypto protections in HTTPS and IPSEC

If you thought MD5 was banished from HTTPS encryption, you’d be wrong. It turns out the fatally weak cryptographic hash function, along with its only slightly stronger SHA1 cousin, are still widely ...
Ars Technica

SHA1 algorithm securing e-commerce and software could break by year’s end

SHA1, one of the Internet’s most crucial cryptographic algorithms, is so weak to a newly refined attack that it may be broken by real-world hackers in the next three months, an international team of ...
Bleeping Computer

Oracle to Block JAR Files Signed with MD5 Starting with April 2017

Oracle says that starting with April 18, 2017, Java (JRE) will treat all JAR files signed with the MD5 algorithm as unsigned, meaning they'll be considered insecure and blocked from running. Oracle ...
ZDNet

Putting the cracking of SHA-1 in perspective

SHA-1 is one of the most prevalent forms of a secure hash algorithm used in the legal and security industry. Now that Professor Xiaoyun Wang and her associates in Tsinghua University and Shandong ...
ZDNet

A quarter of major CMSs use outdated MD5 as the default password hashing scheme

Some of the projects that use MD5 as the default method for storing user passwords include WordPress, osCommerce, SuiteCRM, miniBB, SugarCRM, CMS Made Simple, MantisBT, Phorum, Observium, and X3cms.